As political narratives increasingly unfold in the digital sphere, the security of individuals, information, and democratic processes themselves hinges on robust cyber defenses. Recognizing this critical challenge, The Youth Café hosted a crucial webinar on Friday, September 12, 2025, titled “Digital Safety During Elections.”

The session, moderated by Shirley Jemeli, featured a presentation from Jacinta Wothaya, Programme Advisor, Digital Resilience at KICTANet’s Tatua Digital Resilience Centre. The webinar targeted a diverse and critical audience, including activists, journalists, human rights defenders, election monitors, youth leaders, and peer educators. The session’s central aim was to strengthen the capacity of these key actors to protect their online presence, secure sensitive information, and reduce vulnerability to the increasingly sophisticated cyber threats prevalent during electoral cycles.

Mapping the Digital Threat Landscape

Jacinta Wothaya opened the session by mapping the digital ecosystem that electoral actors must navigate. She emphasized that election periods are marked by increased targeted attacks, making it crucial to understand the vulnerabilities. The entire discussion was framed by the question: What are the biggest online threats during election periods?

Ms. Wothaya identified three primary categories of attack that target democratic processes and individuals:

1. Phishing, Hacking, and Impersonation: This triad is designed to compromise accounts and steal sensitive data. Phishing attacks, she explained, are often customized for political targets, mimicking official party communications or trusted organizations to trick recipients into revealing passwords. "These aren't random emails," Wothaya stated. "They are highly sophisticated attempts to gain access to political strategy, campaign donor lists, or confidential journalistic sources."

2. Online Harassment and Doxxing: These attacks are personal and designed to silence dissent. Doxxing—the publication of an individual’s private or identifying information (like home address, phone numbers, or family details)—is deployed to intimidate activists and journalists, forcing them into self-censorship through fear of physical harm.

3. Malicious Infrastructure Analysis: Drawing on her background in threat intelligence, Ms. Wothaya detailed how adversaries use malicious infrastructure to sustain long-term attacks, including bot networks and automated campaigns designed to amplify disinformation, impersonate key figures, or create the illusion of widespread support for a false narrative.

Fortifying the Digital Self: Essential Cyber Hygiene

The session underscored that the best defense begins with individual behavior, dedicating a core subtopic to "Cyber hygiene for citizens, activists, and journalists." Ms. Wothaya stressed that even the most advanced security tools are useless if basic personal protocols are breached. Addressing the question, How can voters protect themselves from phishing and impersonation?, she offered a practical toolkit for digital defense:

• Implement Two-Factor Authentication (2FA): This was designated as the single most effective defense against compromised accounts. Participants were urged to set up 2FA for all high-value accounts (email, social media, cloud storage) using authenticator apps rather than SMS, as text-based codes are vulnerable to SIM-swap attacks.

• Strong and Unique Passwords: The use of a reliable password manager was highly recommended to create and store unique, complex passphrases for every account, thereby preventing a breach in one service from compromising a user’s entire digital life.

• Practice Critical Skepticism: Wothaya emphasized the need for users to develop "digital resilience", the ability to recognize and resist a social engineering attack. "Never click on a suspicious link, no matter how urgent the email seems," she advised. "Always verify the authenticity of a request by contacting the purported sender through an independent channel, not by replying to the suspicious email."

Securing the Information Lifeline

For the target audience of journalists, human rights defenders, and activists, the subtopic "Protecting sources and sensitive information" was vital. These actors rely on secure communication to protect whistleblowers and ensure the confidentiality of sensitive political data. Ms. Wothaya guided participants through the question, Which tools or apps help secure communication with sensitive sources?, advocating for a zero-trust approach to digital interactions:

• Signal: Recommended as the industry standard for encrypted communication, Signal provides end-to-end encryption (E2EE) for all messages, calls, and file transfers, ensuring that only the sender and recipient can access the content. Its focus on minimizing metadata collection is also crucial for protecting source anonymity.

• ProtonMail: For email, she recommended ProtonMail for its E2EE and operation under strict Swiss privacy laws, providing a layer of legal protection against data requests that might not exist elsewhere.

• Encrypted Drives: For the storage of sensitive documents, such as election monitoring reports or whistleblower evidence, Wothaya recommended the use of encrypted drives (either physical or virtual), stressing that data must be secured at rest. "If your device is lost or compromised," she explained, "encryption is the only thing that stands between your source’s identity and an adversary."

 Strategy for Response: Dealing with Harassment

The final pillar of resilience focused on the necessary response strategy for victims of digital attacks, addressing the challenge of responding to online harassment and doxxing. Answering the crucial question, How should one respond to online harassment during elections?, Ms. Wothaya outlined a critical, three-step protocol:

1. Immediate Documentation and Digital Lockdown: The very first step is to capture screenshots and record the URLs of all harassing content and doxxed information, as evidence can be deleted quickly. Simultaneously, immediately change all passwords and tighten privacy settings on all social media profiles.

2. Avoid Engagement: The most vital advice is to never engage or retaliate. Adversaries often seek a response to fuel their campaign. Disengaging denies them the attention they crave and prevents the accidental sharing of more personal data.

Conclusion: Building a Resilient Digital Democracy

The webinar was a powerful reminder that digital safety during elections is an active, ongoing process, not a one-time fix. Jacinta Wothaya's detailed guidance successfully moved the diverse audience of activists, journalists, human rights defenders, election monitors, and youth leaders from recognizing threats to implementing practical defense mechanisms.

The core message of the session was that digital safety is a collective responsibility. By strengthening eindividual cyber hygiene, prioritizing E2EE communication, and fostering a culture of strategic response to harassment, the key stakeholders in Kenya's democratic process can effectively protect themselves, their sources, and the integrity of the information ecosystem. This active defense of the digital frontier is vital for ensuring free, fair, and credible elections.